Читаем CISSP Practice полностью

Any information that doesn't need to be safeguarded against disclosure but must be safeguarded against tampering, destruction, or loss due to record value, utility, replacement cost, or susceptibility to fraud, waste, or abuse.

Unified modeling language (UML)

Activities related to the industry-standard unified modeling language (UML) for specifying, visualizing, constructing, and documenting the artifacts of software systems. It simplifies the complex process of software design, making a “blueprint” for construction.

Uniform resource locator (URL)

It is the global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located.

Unit testing

Focuses on testing individual program modules, and is a part of white-box testing technique. Program modules are collections of program instructions sufficient to accomplish a single, specific logical function.

Universal description, discovery, and integration (UDDI)

An XML-based lookup service for locating Web services in an Internet topology. UDDI provides a platform-independent way of describing and discovering Web services and the Web service providers. The UDDI data structures provide a framework for the description of basic service information, and an extensible mechanism to specify detailed service access information using any standard description language. UDDI is a single point-of-failure.

Universal mobile telecommunications system (UMTS)

A third-generation mobile phone technology standardized by the 3GPP as the successor to GSM.

Universal serial bus (USB)

A hardware interface for low-cost and low-speed peripherals such as the keyboard, mouse, joystick, scanner, printer, and telephony devices.

Unrecoverable bit error rate (UBE)

The rate at which a disk drive is unable to recover data after application of cyclic redundancy check (CRC) codes and multiple retries.

Update (patch)

An update (sometimes called a “patch”) is a “repair” for a piece of software (application or operating system). During a piece of a software’s life, problems (called bugs) will almost invariably be found. A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software vendor’s website. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In larger operating systems, a special program is provided to manage and keep track of the installation of patches.

Upgrade

A new version of an operating system, application, or other software.

Usability

A set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users.

User

An individual, system, or a process authorized to access an information system by directly interacting with a computer system.

User authentication

User authentication can be achieved with either secret or public key cryptography. Creating a one-time password is an example of achieving user authentication and increasing security.

User-based threats

Examples include attackers using social engineering and phishing attacks, where the attackers try to trick users into accessing a fake website and divulging personal information. In some phishing attacks, users receive a legitimate-looking e-mail asking them to update their information on the company’s website. Instead of legitimate links, however, the URLs in the e-mail actually point to a rogue website.

User datagram protocol (UDP)

A commonly used transport layer protocol of the TCP/IP suite. It is a connectionless service without error correction or retransmission of misordered or lost packets. It is easier to spoof UDP packets than TCP packets, because there is no initial connection setup (handshake) involved between the two connected systems. Thus, there is a higher risk associated with UDP-based services.

User-directed access control

Access control in which users (or subjects generally) may alter the access rights. Such alterations may be restricted to certain individuals approved by the owner of an object.

User entitlement